Merge pull request #1792 from digitallyinduced/nixos-deploy
deploy-to-nixos Command
Showing
13 changed files
with
755 additions
and
20 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Running an IHP web server + Worker | ||
{ config, pkgs, modulesPath, lib, ihp, ... }: | ||
let cfg = config.services.ihp; | ||
in | ||
{ | ||
imports = [ | ||
ihp.nixosModules.options | ||
ihp.nixosModules.services_app | ||
ihp.nixosModules.services_worker | ||
ihp.nixosModules.services_migrate | ||
]; | ||
|
||
# Speed up builds with the IHP binary cache | ||
nix.settings.substituters = [ "https://digitallyinduced.cachix.org" ]; | ||
nix.settings.trusted-public-keys = [ "digitallyinduced.cachix.org-1:y+wQvrnxQ+PdEsCt91rmvv39qRCYzEgGQaldK26hCKE=" ]; | ||
|
||
# Pin the nixpkgs to the IHP nixpkgs | ||
nix.registry.nixpkgs.flake = nixpkgs; | ||
} | ||
|
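Review bot: `nixpkgs` in the last setting, `nix.registry.nixpkgs.flake = nixpkgs;`, is not bound anywhere in this file: the module arguments are `config, pkgs, modulesPath, lib, ihp` and the `let` defines only `cfg`, so evaluation stops with an undefined-variable error. Add `nixpkgs` to the argument set and pass it in the same way `ihp` is passed, or, if `ihp` is the flake itself as the `ihp.nixosModules.*` imports suggest, use `nix.registry.nixpkgs.flake = ihp.inputs.nixpkgs;`. The two cache settings also deserve a comment such as `# Hosts importing this module accept store paths signed by this key`, because adding a trusted public key is a trust decision for every machine that uses the module.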
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
# Running IHP app + a local Postgres connected to it | ||
{ config, pkgs, modulesPath, lib, ihp, ... }: | ||
let cfg = config.services.ihp; | ||
in | ||
{ | ||
imports = [ | ||
ihp.nixosModules.options | ||
ihp.nixosModules.services_app | ||
ihp.nixosModules.services_worker | ||
ihp.nixosModules.services_migrate | ||
]; | ||
|
||
# Speed up builds with the IHP binary cache | ||
nix.settings.substituters = [ "https://digitallyinduced.cachix.org" ]; | ||
nix.settings.trusted-public-keys = [ "digitallyinduced.cachix.org-1:y+wQvrnxQ+PdEsCt91rmvv39qRCYzEgGQaldK26hCKE=" ]; | ||
|
||
# Add swap to avoid running out of memory during builds | ||
swapDevices = [ { device = "/swapfile"; size = 8192; } ]; | ||
|
||
# Vim and psql commands are helpful when accessing the server | ||
environment.systemPackages = with pkgs; [ vim postgresql ]; | ||
programs.vim.defaultEditor = true; | ||
|
||
system.stateVersion = "23.05"; | ||
|
||
# Allow public access | ||
networking.firewall.enable = true; | ||
networking.firewall.allowedTCPPorts = [ 80 22 ]; | ||
|
||
# Enable Letsencrypt | ||
# TODO security.acme.defaults.email = email; | ||
security.acme.acceptTerms = true; | ||
|
||
# Add a loadbalancer | ||
services.nginx = { | ||
enable = true; | ||
enableReload = true; | ||
recommendedProxySettings = true; | ||
recommendedGzipSettings = true; | ||
recommendedOptimisation = true; | ||
recommendedTlsSettings = true; | ||
}; | ||
|
||
# Setup the domain | ||
services.nginx.virtualHosts = { | ||
"${cfg.domain}" = { | ||
serverAliases = [ ]; | ||
enableACME = cfg.httpsEnabled; | ||
forceSSL = cfg.httpsEnabled; | ||
locations = { | ||
"/" = { | ||
proxyPass = "http://localhost:8000"; | ||
proxyWebsockets = true; | ||
extraConfig = | ||
# required when the target is also TLS server with multiple hosts | ||
"proxy_ssl_server_name on;" + | ||
# required when the server wants to use HTTP Authentication | ||
"proxy_pass_header Authorization;"; | ||
}; | ||
}; | ||
}; | ||
}; | ||
|
||
# Postgres | ||
services.postgresql = { | ||
enable = true; | ||
ensureDatabases = [ cfg.databaseName ]; | ||
ensureUsers = [ | ||
{ | ||
name = cfg.databaseUser; | ||
ensurePermissions = { | ||
"DATABASE ${cfg.databaseName}" = "ALL PRIVILEGES"; | ||
}; | ||
} | ||
]; | ||
initialScript = pkgs.writeText "ihp-initScript" '' | ||
CREATE TABLE IF NOT EXISTS schema_migrations (revision BIGINT NOT NULL UNIQUE); | ||
\i ${ihp}/lib/IHP/IHPSchema.sql | ||
\i ${cfg.schema} | ||
\i ${cfg.fixtures} | ||
''; | ||
}; | ||
|
||
services.ihp.databaseUrl = ""; # TODO: Set this to some real value | ||
|
||
# Enable automatic GC to avoid the disk from filling up | ||
# | ||
# https://github.com/digitallyinduced/ihp/pull/1792#pullrequestreview-1570755863 | ||
# | ||
# " It's was a recurring problem on Shipnix that people ran out of disk space and the database service crashed without this" | ||
nix.gc = { | ||
automatic = true; | ||
dates = "weekly"; | ||
options = "--delete-older-than 30d"; | ||
}; | ||
|
||
# Saves disk space by detecting and handling identical contents in the Nix Store | ||
nix.settings.auto-optimise-store = true; | ||
} | ||
|
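Review bot: The firewall opens only ports 80 and 22 while the virtual host sets `forceSSL = cfg.httpsEnabled` and `httpsEnabled` defaults to true in the options module, so clients are redirected to HTTPS on a port the firewall drops; it should read `networking.firewall.allowedTCPPorts = [ 22 80 443 ];` (or add 443 only when `cfg.httpsEnabled`). `proxyPass` is hard-coded to `http://localhost:8000` although the services take their port from `cfg.appPort`; `proxyPass = "http://localhost:${toString cfg.appPort}";` keeps the two in step. With `security.acme.defaults.email` still a TODO and `services.ihp.databaseUrl = ""`, the file is a template rather than a deployable configuration, which a comment at the top should state. Port 22 is opened to the public and no `services.openssh` settings are visible in this file, so a comment should point to where SSH authentication is restricted.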
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# Running IHP app + a local Postgres connected to it | ||
{ config, pkgs, modulesPath, lib, ... }: | ||
with lib; | ||
{ | ||
options.services.ihp = { | ||
enable = mkEnableOption "IHP"; | ||
domain = mkOption { | ||
type = types.str; | ||
default = "localhost"; | ||
}; | ||
|
||
baseUrl = mkOption { | ||
type = types.str; | ||
default = "https://${config.services.ihp.domain}"; | ||
}; | ||
|
||
migrations = mkOption { | ||
type = types.path; | ||
}; | ||
|
||
schema = mkOption { | ||
type = types.path; | ||
}; | ||
|
||
fixtures = mkOption { | ||
type = types.path; | ||
}; | ||
|
||
httpsEnabled = mkOption { | ||
type = types.bool; | ||
default = true; | ||
}; | ||
|
||
databaseName = mkOption { | ||
type = types.str; | ||
default = "app"; | ||
}; | ||
|
||
databaseUser = mkOption { | ||
type = types.str; | ||
default = "ihp"; | ||
}; | ||
|
||
databaseUrl = mkOption { | ||
type = types.str; | ||
}; | ||
|
||
# https://ihp.digitallyinduced.com/Guide/database-migrations.html#skipping-old-migrations | ||
minimumRevision = mkOption { | ||
type = types.int; | ||
default = 0; | ||
}; | ||
|
||
ihpEnv = mkOption { | ||
type = types.str; | ||
default = "Production"; | ||
}; | ||
|
||
appPort = mkOption { | ||
type = types.int; | ||
default = 8000; | ||
}; | ||
|
||
requestLoggerIPAddrSource = mkOption { | ||
type = types.str; | ||
default = "FromHeader"; | ||
}; | ||
|
||
sessionSecret = mkOption { | ||
type = types.str; | ||
}; | ||
|
||
additionalEnvVars = mkOption { | ||
type = types.attrs; | ||
default = {}; | ||
}; | ||
}; | ||
} | ||
|
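Review bot: `sessionSecret` and `databaseUrl` are declared as plain `types.str` options, and the app and worker service modules in this commit copy them into the systemd `environment` attribute; values set this way end up in the generated unit file in the Nix store, which is readable by every local user. Consider an option of type `types.path` that names a file kept outside the store and loaded through `EnvironmentFile`, and state that expectation in the option's `description`. None of the options carries a `description`, and the header comment `# Running IHP app + a local Postgres connected to it` looks copied from another file; `# Option declarations for services.ihp` would fit this one.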
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
{ config, pkgs, modulesPath, lib, ihpApp, ... }: | ||
let | ||
cfg = config.services.ihp; | ||
in | ||
{ | ||
systemd.services.app = { | ||
description = "IHP App"; | ||
enable = true; | ||
after = [ "network.target" ]; | ||
wantedBy = [ "multi-user.target" ]; | ||
serviceConfig = { | ||
Type = "simple"; | ||
Restart = "always"; | ||
WorkingDirectory = "${ihpApp}/lib"; | ||
ExecStart = "${ihpApp}/bin/RunProdServer"; | ||
}; | ||
environment = | ||
let | ||
defaultEnv = { | ||
PORT = "${toString cfg.appPort}"; | ||
IHP_ENV = cfg.ihpEnv; | ||
IHP_BASEURL = cfg.baseUrl; | ||
IHP_REQUEST_LOGGER_IP_ADDR_SOURCE = cfg.requestLoggerIPAddrSource; | ||
DATABASE_RUL = cfg.databaseUrl; | ||
IHP_SESSION_SECRET = cfg.sessionSecret; | ||
}; | ||
in | ||
defaultEnv // cfg.additionalEnvVars; | ||
}; | ||
} |
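Review bot: The environment key `DATABASE_RUL` is misspelled, so the app is not given `cfg.databaseUrl` under the name the migrate service uses (`DATABASE_URL`); change the line to `DATABASE_URL = cfg.databaseUrl;`. The same misspelling is in the worker service's `defaultEnv`. Because `cfg.additionalEnvVars` is merged last with `//`, it silently overrides any of the defaults, including `IHP_SESSION_SECRET`, which is worth a one-line comment above `defaultEnv // cfg.additionalEnvVars;`.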
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{ config, pkgs, ihp, ... }: | ||
let cfg = config.services.ihp; | ||
in | ||
{ | ||
systemd.services.migrate = | ||
let migrateApp = pkgs.stdenv.mkDerivation { | ||
name = "migrate-app"; | ||
src = cfg.migrations; | ||
buildPhase = '' | ||
mkdir -p $out/Application/Migration | ||
cp $src/* $out/Application/Migration | ||
''; | ||
}; | ||
in { | ||
serviceConfig = { | ||
Type = "oneshot"; | ||
}; | ||
script = '' | ||
cd ${migrateApp} | ||
${ihp.apps.x86_64-linux.migrate.program} | ||
''; | ||
environment = { | ||
DATABASE_URL = cfg.databaseUrl; | ||
MINIMUM_REVISION = "${toString cfg.minimumRevision}"; | ||
}; | ||
}; | ||
} |
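Review bot: The script hard-codes `ihp.apps.x86_64-linux.migrate.program`, so on a host of any other architecture the unit would point at an x86_64 program; `${ihp.apps.${pkgs.stdenv.hostPlatform.system}.migrate.program}` follows the host instead. The unit has no `after`, `requires` or `wantedBy`, so nothing visible here runs it before the app starts or orders it after PostgreSQL; if it is meant to be started by the deploy command, a comment should say so. `cp $src/*` in `buildPhase` fails the build when the migrations directory is empty, which a fresh project may hit.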
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
{ config, pkgs, ihpApp, lib, ... }: | ||
let | ||
cfg = config.services.ihp; | ||
in | ||
{ | ||
systemd.services.worker = { | ||
enable = true; | ||
after = [ "network.target" ]; | ||
wantedBy = [ "multi-user.target" ]; | ||
serviceConfig = { | ||
Type = "simple"; | ||
Restart = "always"; | ||
WorkingDirectory = "${ihpApp}/lib"; | ||
ExecStart = "${ihpApp}/bin/RunJobs"; | ||
}; | ||
environment = | ||
let | ||
defaultEnv = { | ||
PORT = "${toString cfg.appPort}"; | ||
IHP_ENV = cfg.ihpEnv; | ||
IHP_BASEURL = cfg.baseUrl; | ||
IHP_REQUEST_LOGGER_IP_ADDR_SOURCE = cfg.requestLoggerIPAddrSource; | ||
DATABASE_RUL = cfg.databaseUrl; | ||
IHP_SESSION_SECRET = cfg.sessionSecret; | ||
}; | ||
in | ||
defaultEnv // cfg.additionalEnvVars; | ||
}; | ||
} |
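Review bot: Neither this unit nor the app unit sets `User` in `serviceConfig`, so both long-running processes, one of which serves requests proxied from the internet, run as root with no sandboxing. Adding `DynamicUser = true;` (or a dedicated `User`/`Group`) together with `NoNewPrivileges = true;` and `ProtectSystem = "strict";` limits what a compromised process can reach on the host. The worker is also handed `PORT` and `IHP_SESSION_SECRET`; if the job runner does not need them, leaving them out keeps the session secret out of one more process environment.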